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DETAILED ACTION 
Response to Amendment 

1 . This communication is in response to the arguments filed on May 14, 2007. 
Objection to the drawings is withdrawn. 

35 U.S.C 1 12 2 nd paragraph rejections are withdrawn. 
35 U.S.C 101 rejections are withdrawn. 
Claim 48 has been canceled by the Applicant. 

Applicant's arguments, with respect to claim 25-47, have been fully considered 
but they are not deemed to be persuasive. 

Claims 25-47 are pending in this Office Action. 

Response to Arguments 

2. After further search and a thorough examination of the present application, 
claims 25-47 remain rejected. 

First, Applicant's arguments towards Cranor et al. (Platform for Privacy 
Preferences Syntax Specification, hereinafter Cranor) regarding the fact that Cranor 
describes privacy preferences and how they are used by a user agent; however, Cranor 
does not disclose a user agent that transmits information to a content provider regarding 
whether it accepts the content provider's privacy policy. 

In response to the Applicant's arguments, the Examiner respectfully submits in 
particular. Accordingly, Cranor discloses the user agent sends out the requested data to 
the content provider after the receipt of a proposal received from said content provider. 
In addition, the user agent MUST include the agreementlD(s) it believes it is operating 
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under to the content provider [Section 3.3.4, Page 16]. Cranor defines the 
agreementlD(s) as a record of the agreement reached by the user agent and the 
content provider regarding if the privacy practices of the content provider matches the 
user's preferences or not [Section 1.3, Pages 4-5]. 

Second, Applicant's argues that an advantage of the Applicant's invention is that 
the signaling required to reach a suitable policy setting is reduced compared with the 
teachings of Cranor. In Cranor, the service suggests different privacy policies until the 
user agrees, while in the present invention, the user agent can inform the service which 
implies that the service can apply a suitable privacy setting immediately. This results in 
a reduced signaling and delay caused by the signaling and, thus, improved 
performance. 

In response to the Applicant's arguments, the Examiner respectfully submits in 
particular. Cranor teaches rather than suggesting different privacy policies until the user 
agrees and/or sending a new proposal to the user agent on every contact, a content 
provider may send the agreementID of an existing agreement to the user agent 
asserting that the service and the user agent have already agreed to a proposal 
[Section 1.3, Pages 4-5\. Thus, this also reduces delay caused by the signaling process 
and enhances performance. 

Examiner is entitled to give claim limitations their broadest reasonable 
interpretation in light of the specification. 

Interpretation of Claims-Broadest Reasonable Interpretation 
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During patent examination, the pending claims must be 'given the broadest 
reasonable interpretation consistent with the specification.' Applicant always has the 
opportunity to amend the claims during prosecution and broad interpretation by the 
Examiner reduces the possibility that the claim, once issued, will be interpreted more 
broadly than is justified. In re Prater, 162 USPQ 541,550-51 (CCPA 1969). 

Reference is made to MPEP 2144.01 - Implicit Disclosure 

"(l]n considering the disclosure of a reference, it is proper to take into account not only 

specific teachings of the reference but also the inferences which one skilled in the art would 

reasonably be expected to draw therefrom." In re Preda, 401 F.2d 825, 826, 159 USPQ 342, 344 

(CCPA 1968) 

Subsequent to an analysis of the claims it was revealed that a number of 
limitations recited in the claims belong in the prior art and thus encompassed and/or 
implicitly disclosed in the reference (s) applied and cited. It is logical for the Examiner to 
focus on the limitations that are "crux of the invention" and not involve a lot of energy 
and time for the things that are not central to the invention, but peripheral. The 
Examiner is aware of the duties to address each and every element of claims, however, 
it is also important that a person prosecuting a patent application before the Office or an 
stakeholders of patent granting process make effort to understand the level of one of 
ordinary skill in the (data processing) art or the level one of skilled in the (data 
processing) art, as encompassed by the applied and cited references. The 
administrative convenience derived from such a cooperation between the attorneys and 
Examiners benefits the Office as well the patentee. 
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In view of the above, the Examiner contends that all limitations as recited in the 
claims have been addressed in this Action. 

For the above reasons, the Examiner believed that rejection of the last Office 
action was proper. 

Hence, Applicant's arguments do not distinguish over the claimed invention over 
the prior art of record. 

In light of the foregoing arguments, the 102 and 103 rejections are hereby 
sustained. 

Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate Paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this Section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

2. Claims 25-29; 33-36; 37-43, as well as understood; 44-46; 47, as well as 
understood, are rejected under 35 U.S.C. 102(b) as being anticipated by Cranor et al. 
(Platform for Privacy Preferences Syntax Specification). 

Regarding claim 25, Cranor et al. clearly show and disclose a method of 
managing cookies in a data processing system comprising the steps of: 
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a user agent requesting a resource associated with a cookie 
(proposal) from a content provider (home page of CoolCatalog) [Page 45, 
Appendix 4]. 

receiving a privacy policy associated with said cookie: and 
(CoolCatalog sends a proposal, including privacy practices, disclosures, 
and the data elements to which they apply, [Page 45, Appendix 4]). 

said user agent transmitting, in response to reception of [[a]] said 
privacy policy associated with said cookie (receipt of a proposal) [Page 16, 
Section 3.3.4, Paragraph 1], a cookie-policy receipt (agreementID / 
fingerprint of agreement) [Page 5, Section 1.3, Paragraph 4] to said 
content provider, said cookie-policy receipt specifying whether a user 
associated with said user agent accepts that said content provider 
provides said cookie to user equipment associated with said user agent. 
Regarding claim 26, and as applied to claim 25 above, Cranor et al. 
further disclose a method wherein user agent transmitting said cookie-policy 
receipt (agreementlD/fingerprint of agreement) [Page 5, Section 1.3, Paragraph 
4] in a resource fetch message: OK in case of acceptance, [Page 14, Section 
3.3.1] or SRY in case of refusal [Page 15, Section 3.3.3, Paragraph 1]. 

Regarding claim 27, and as applied to claim 25 above, Cranor et al. 
further disclose: 

said user agent comparing said r e c ei v e d privacy policy (proposal) 
with user preference to determine whether to enter into an agreement. An 
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agreement applies to all data exchanged between the user agent and 
service within a specified realm [Page 5, Section 1.3, Paragraph 2]. 

said user agent generating said cookie-policy receipt 
(agreementlD/fingerprint of agreement) [Page 5, Section 1.3, Paragraph 4] 
based on said comparison [Page 5, Section 1.3, Paragraphs 3-4]. 
Regarding claim 28, and as applied to claim 27 above, Cranor et al. 
further disclose a method when received privacy policy does not match user 
preference [Page 5, Section 1.3, Paragraph 4] comprising of: 

said user agent presenting said received privacy policy for said 
user on said user equipment (shown to a human user); and 

said user agent generating said cookie-policy receipt (agreementID 
/ fingerprint of agreement) in response to a user-input signal. 
Regarding claim 29, and as applied to claim 25 above, Cranor et al. 
further disclose [Page 5, Section 1.3, Paragraph 4]: 

said user agent presenting said received privacy policy for said 
user on said user equipment (shown to a human user); and 

said user agent generating said cookie-policy receipt (agreementID 
/ fingerprint of agreement) in response to a user-input signal. 
Regarding claim 30, and as applied to claim 25 above, Cranor et al. 
further disclose the step of authenticating said cookie-policy receipt 
(agreementID / fingerprint of agreement) [Page 5, Section 1 .3, Paragraph 4] with 
an authentication key (The MD5 algorithm is intended for digital signature 
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applications, where a large file must be "compressed" in a secure manner before 
being encrypted with a private (secret) key under a public-key cryptosystem such 
as RSA or PGP) [Pages 41-44, Appendix 2] associated with said user agent. 

Regarding claim 33, Cranor et al. clearly show and disclose a method of 
providing cookies in a data processing system where in a user agent requests a 
resource associated with a cookie from a content provider, said method 
comprising the steps of: 

receiving a resource request, wherein the resource is associated 
with a cookie from said content provider [Page 45, Appendix 4, Paragraph 2], 

transmitting a privacy policy associated with said cookie to said 
user agent [Page 45, Appendix 4, Paragraph 4]; and 

said content provider providing, in response to reception of a 
cookie-policy receipt (agreementlD/fingerprint of agreement) [Page 5, Section 

I. 3, Paragraph 4] from said user agent (user agent sending out requested data 
including agreementID it is operating under to server) [Page 16, Section 3.3.4, 
Paragraph 1], said cookie to user equipment associated with said user agent if 
said cookie-policy receipt specifies that a user associated with said user agent 
accepts that said content provider provides said cookie to said user equipment 
(once the user has accepted the agreement, the service will send the appropriate 
data elements, which are then saved transparently by the user agent) [Pages 10- 

I I , Section 2, Scenario 5]. 
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Regarding claim 34, and as applied to claim 33 above, Cranor et al. 
, further disclose a method wherein user agent transmitting said cookie-policy 
receipt (agreementlD/fingerprint of agreement) [Page 5, Section 1.3, Paragraph 
4] in a resource fetch message: OK in case of acceptance, [Page 14, Section 
3.3.1] or SRY in case of refusal [Page 16, Section 3.3.3, Paragraph 1]. 

Regarding claim 35, and as applied to claim 33 above, Cranor et al. 
further disclose a method wherein, said cookie-policy receipt 
(agreementlD/fingerprint of agreement) [Page 5, Section 1 .3, Paragraph 4] 
specifies that a user associated with said user agent accepts that said content 
provider provides said cookie to said user equipment (once the user has 
accepted the agreement, the service will send the appropriate data elements, 
which are then saved transparently by the user agent) [Pages 10-1 1, Section 2, 
Scenario 5]. 

Regarding claim 36, and as applied to claim 33 above, Cranor et al. 
further disclose a method wherein cookie policy receipt (agreementlD/fingerprint 
of agreement) [Page 5, Section 1 .3, Paragraph 4] is generated based on a 
comparison between said received privacy policy and user preference [Page 5, 
Section 1.3, Paragraphs 3-4] that specifies an agreement. An agreement applies 
to all data exchanged between the user agent and service within a specified 
realm [Page 5, Section 1.3, Paragraph 2]. 

Regarding claim 37, Cranor et al. clearly show and disclose a us o r agont 
prov i d e d i n a data processing system for requesting a resource associated with a 
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cookie (data) from a content provider, said usor agont data processing system 
comprising: 

a user agent ([Page 13, Section 3.2, Paragraph 1]), said user agent 
comprising: 

means for receiving a privacy policy associated with said 
cookie: ([Page 13, Section 3.2]) and 

means for transmitting (communicating to the server using 
standard HTTP methods such as "GET" or "POST") [Page 13, 
Section 3.2, Paragraph 1], in response to reception of a privacy 
policy associated with said cookie (receipt of a proposal) [Page 16, 
Section 3.3.4, Paragraph 1], a cookie-policy receipt 
(agreementlD/fingerprint of agreement) [Page 5, Section 1.3, 
Paragraph 4] to said content provider, said cookie-policy receipt 
specifying whether a user associated with said user agent accepts 
that said content provider provides said cookie to user equipment 
associated with said user agent [Page 5, Section 1.3, Paragraph 4]. 
Regarding claim 38, and as applied to claim 37 above, Cranor et al. 
further disclose that transmitting means (standard HTTP methods such as "GET" 
or "POST") [Page 13, Section 3.2, Paragraph 1] from user agent to content 
provider includes said cookie-policy receipt (agreementlD/fingerprint of 
agreement) [Page 5, Section 1.3, Paragraph 4] in a resource fetch message: OK 
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in case of acceptance, [Page 14, Section 3.3.1] or SRY in case of refusal [Page 
15, Section 3.3.3, Paragraph 1]. 

Regarding claim 39, and as applied to claim 37 above, Cranor et al. 
further disclose: 

means for comparing said received privacy policy (proposal/privacy 
practice) with user preference to determine whether to enter into an 
agreement. An agreement applies to all data exchanged between the user 
agent and service within a specified realm [Page 5, Section 1.3, 
Paragraph 2]. 

means for generating, connected to said comparing means, said 
cookie-policy receipt (agreementlD/fingerprint of agreement) [Page 5, 
Section 1 .3, Paragraph 4] basod on sa i d compar i son as a function of said 
comparing of said privacy policy with said user preference [Page 5, 
Section 1.3, Paragraphs 3-4]. 

Regarding claim 40, and as applied to claim 39 above, Cranor et al. 
further disclose [Page 5, Section 1.3, Paragraph 4] a means for presenting said 
received privacy policy (proposal) for said user on said user equipment (shown to 
a human user); said generating means being adapted for generating said cookie- 
policy receipt (agreementlD/fingerprint of agreement) in response to a user input 
signal. 

Regarding claim 41, and as applied to claim 37 above, Cranor et al. 
further disclose [Page 5, Section 1 .3, Paragraph 4]: 
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means for presenting said received privacy policy for said user on 

said user equipment (shown to a human user); and 

means for generating said cookie-policy receipt (agreementID / 

fingerprint of agreement) in response to a user input signal. 

Regarding claim 42, and as applied to claim 37 above, Cranor et al. 
further disclose a means to authenticate said cookie-policy receipt (agreementID 
/fingerprint of agreement) [Page 5, Section 1.3, Paragraph 4] with an 
authentication key (The MD5 algorithm is intended for digital signature 
applications, where a large file must be "compressed" in a secure manner before 
being encrypted with a private (secret) key under a public-key cryptosystem such 
as RSA or PGP) [Page 41, Appendix 2] associated with said user agent. 

Regarding claim 44, Cranor et al. clearly show and disclose a content 
provider apparatus adapted for providing a requested resource associated with a 
cookie to a user agent in a data processing system, said content provider 
comprising: 

means to receiving a resource request from said user agent ([Page 
9, Section 2, Scenario 1, Protocol Scenario]); 

means for transmitting a privacy policy associated with said cookie 
to said user agent (content/proposal is sent to user agent in a header, 
HTML header, or as referenced by URI) [Page 9, Section 2, Scenario 1, 
Protocol Scenario]; [[and]] 
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means for receiving a cookie-policy receipt [Page 9, Section 2, 
Scenario 1, Protocol Scenario]; and 

means for providing, in response to reception of a cookie-policy 
receipt (agreementlD/fingerprint of agreement) [Page 5, Section 1.3, 
Paragraph 4] from said user agent (user agent sending out requested data 
including agreementID it is operating under to server) [Page 16, Section 
3.3.4, Paragraph 1], said cookie to said user equipment associated with 
said user agent if said cookie-policy receipt (agreementlD/fingerprint of 
agreement) [Page 5, Section 1.3, Paragraph 4] specifies that a use 
associated with said user agent accepts that said content provider 
provides said cookie to said user equipment (once the user has accepted 
the agreement, the service will send the appropriate data elements, which 
are then saved transparently by the user agent) [Pages 10-11, Section 2, 
Scenario 5]. 

Regarding claim 45, and as applied to claim 44 above, Cranor et al. 
further disclose that a content provider apparatus receiving said cookie-policy 
receipt (agreementlD/fingerprint of agreement) [Page 5, Section 1.3, Paragraph 
4] in a resource fetch message: OK in case of acceptance, [Page 14, Section 
3.3.1] or SRY in case of refusal [Page 15, Section 3.3.3, Paragraph 1]. 

Regarding claim 46, and as applied to claim 44 above, Cranor et al. 
further disclose means for providing said cookie-associated resource 
(content/proposal is sent to user agent in a header, HTML header, or as 
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referenced by URI) [Page 9, Section 2, Scenario 1, Protocol Scenario] if said 
cookie-policy receipt specifies that said user accepts that said content provider 
provides said cookie to said user equipment (once the user has accepted the 
agreement, the service will send the appropriate data elements, which are then 
saved transparently by the user agent) [Pages 10-11, Section 2, Scenario 5]. 

Regarding claim 47, and as applied to claim 44 above, Cranor et al. 
further disclose a content provider apparatus wherein cookie policy receipt 
(agreementID / fingerprint of agreement) [Page 5, Section 1 .3, Paragraph 4] is 
generated based on a comparison between said received privacy policy and user 
preference [Page 5, Section 1 .3, Paragraphs 3-4] that specifies an agreement. 
An agreement applies to all data exchanged between the user agent and service 
within a specified realm [Page 5, Section 1 .3, Paragraph 2]. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in Section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 31-32 and 43 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Cranor et al. in view of Mitchell et al. (Pat. No. US 6,959,420). 

Regarding claim 31, Cranor et al. clearly show and disclose the claimed 
invention as set forth in the rejection of claim 25 above, in addition, Cranor et 
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al. further disclose a cookie-policy receipt (agreementlD/fingerprint of agreement) 
[Page 5, Section 1.3, Paragraph 4] specifying user not accepting a content 
provider provides cookie to user equipment. However, Cranor et al. do not 
specifically disclose the step of removing previously stored cookie(s) associated 
with requested resource in user equipment. 

In the same field of endeavor, Mitchell et al. disclose a method to evaluate 
web site platform for privacy preferences policy wherein operation for web site to 
persist, retrieve (referred to as replay) or delete its cookie data in the set of 
cookies on the user's machine being done through user input via a prompt 
[Detailed Description, column 7-line 56 to column 8- line 28]. 

Therefore, it would have been obvious to a person of ordinary skill in the 
art at the time the invention was made that previously stored cookie(s) 
associated with a requested resource can be deleted through a user's input via a 
prompt as taught by Mitchell et al. in the system of Cranor et al. as described for 
preventing unauthorized content provider(s) to access and/or modify information / 
data from user's machine. 

Regarding claim 32, Cranor et al. clearly show and disclose the claimed 
invention as set forth in the rejection of claim 25 above, in addition, Cranor et 
al. further disclose a cookie-policy receipt (agreementlD/fingerprint of agreement) 
[Page 5, Section 1 .3, Paragraph 4] specifying user not accepting a content 
provider provides cookie to user equipment. However, Cranor et al. do not 
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specifically disclose further transmission(s) of cookie request command to user 
equipment from unauthorized content provider(s) will be automatically ignored. 

In the same field of endeavor, Mitchell et al. disclose a method to evaluate 
web site platform for privacy preferences policy wherein user's response to the 
prompt may be stored in association with a particular web site so that the user 
needs not again to be interrupted when this site is accessed [Detailed 
Description, column 12-lines 39-53]. 

Therefore, it would have been obvious to a person of ordinary skill in the 
art at the time the invention was made to acknowledge that when a request to set 
cookie on user's machine by a content provider is already rejected by user, 
followed requests by that particular provider will be ignored and/or automatically 
rejected by user agent as taught by Mitchell et al. in the system of Cranor et al. 
as described for preventing unauthorized content provider(s) to access and/or 
modify information / data from user's machine. 

Regarding claim 43, Cranor et al. clearly show and disclose the claimed 
invention as applied to claim 25 above, in addition, Cranor et al. further 
disclose a cookie-policy receipt (agreementlD/fingerprint of agreement) [Page 5, 
Section 1.3, Paragraph 4] specifying user not accepting a content provider 
provides cookie to user equipment. However, Cranor et al. do not specifically 
disclose what would happen to previously stored cookie associated with 
requested resource in user equipment. 
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In the same field of endeavor, Mitchell et al. disclose evaluation of web 
site platform with user's privacy preferences policy wherein there is a means for 
user agent to delete its cookie data in the set of cookies on the user's machine 
being done through user input via a prompt [Detailed Description, column 7-line 
56 to column 8-line 28]. 

Therefore, it would have been obvious to a person of ordinary skill in the 
art at the time the invention was made to acknowledge that previously stored 
cookie can be deleted by the user agent through a user's input via a prompt as 
taught by Mitchell et al. in the system of Cranor et al. as described for preventing 
unauthorized content provider(s) to access and/or modify information / data from 
user's machine. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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Contact Information 



Any inquiry concerning this communication or earlier communications from the 
Examiner should be directed to Son T. Hoang whose telephone number is (571) 270- 
1752. The Examiner can normally be reached on Monday - Friday (7:30 am - 5:00 pm). 

If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's 
supervisor, Christian Chace can be reached on (571) 272-4190. The fax phone number 
for the organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
(800) 786-9199 (IN USA OR CANADA) or (571) 272-1000. 





S.H. 



(May 25, 2007) 



CHRISTIAN CHACE 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



